An Annotated Dr. Watson Log File

ID: Q81142


The information in this article applies to:
  • Microsoft Windows Software Development Kit (SDK) 3.1


SUMMARY

Dr. Watson is a utility that logs information about applications that fail. This article presents a sample log file and explains what the various entries signify. Comments in the log file start with pound sign (#).


MORE INFORMATION

This article annotates a log file for the BICHO application, which tests Windows by faulting in the various ways. Bicho is Bolivian slang for "bug" or "critter."


# Dr. Watson writes the following line each time it starts execution
# unless the [dr. watson] section of the WIN.INI file contains the
# line SkipInfo=time:

Start Dr. Watson 0.80 - Thu Sep 26 10:51:28 1991

# These lines mark the beginning of a Dr. Watson failure report
# They report the version of Dr. Watson and the date and time of the
# reported event.

**********************************************************************
Dr. Watson 0.80 Failure Report - Thu Sep 26 10:51:36 1991

# The next line reports that an application named "BICHO" encountered
# an "Exceed Segment Bounds" fault while reading memory. The precise
# point of failure was also in BICHO, 0x6b bytes after the start of
# the DoCommand function.

BICHO had a 'Exceed Segment Bounds (Read)' fault at BICHO
_DoCommand+006b

# The following line repeats the previous information formatted for
# automatic parsing code. It also includes the instruction that caused
# the fault (a push instruction in this case).

$tag$BICHO$Exceed Segment Bounds (Read)$BICHO _DoCommand+006b$push
word ptr [fffe]$Thu Sep 26 10:51:36 1991

# The following lines report the contents of the CPU registers:

CPU Registers (regs)

# The 16-bit registers are listed first. This information can be
# useful to determine what address an instruction modified when the
# fault occurred.

ax=1e54  bx=0014  cx=0d7f  dx=0111  si=1e54  di=0111

# The next items are the instruction pointer (otherwise known as the
# program counter), stack pointer, and base pointer. This line also
# lists the state of the flag bits. In this example, the Overflow,
# Direction, Sign, Zero, and Carry bits are Clear (0), while the
# Interrupt, Auxcarry, and Parity bits are Set (1).

ip=02fd  sp=230c  bp=237a  O- D- I+ S- Z- A+ P+ C-

# The code segment selector is 0e57, linear address is 8059fbc0. The
# code segment's limit is 83f. (Enhanced mode linear addresses often
# start with 8xxx.) Accessing a code or data segment beyond its limit
# is a common cause of GP faults.

cs = 0e57  8059fbc0:083f Code Ex/R

# The next line provides information about the stack segment selector.

ss = 0d7f  8059d5e0:25df Data R/W

# The following line provides information about the data segment
# selector. Note that the limit is 25df, while the application
# attempted to read the value at fffe, which is beyond the segment's
# limit.

ds = 0d7f  8059d5e0:25df Data R/W

# The following line provides information about the extra segment
# selector:

es = 0d7f  8059d5e0:25df Data R/W

# The next lines provide information about the 32-bit registers.
# If a selector is 0, it corresponds to the null pointer. Attempting
# to use a null pointer is another common cause of GP faults.

CPU 32 bit Registers (32bit)
eax = 00001e54  ebx = 00000014  ecx = ffff0d7f  edx = 00000111
esi = 00001e54  edi = 00000111  ebp = 0000237a  esp = 800422fc
fs = 0000         0:0000 Null Ptr
gs = 0000         0:0000 Null Ptr
eflag = 00000002

# The next lines provide information about the Windows installation.

System Info (info)
Windows version 3.10
Debug build  # The debug version of windows (from the SDK) was running
Windows Build 3.1.048 # This is a prerelease build of Windows, #48
Username Unknown User               # Your Name Here
Organization Unknown Organization   # Your Organization Here

System Free Space 7131008

# The following provides the stack size for the current task:

Stack base 1122, top 9164, lowest 7504, size 8042

# Dr. Watson records some statistics about the Windows environment:

System resources:  USER: 87% free, seg 0777  GDI: 85% free, seg 05d7
LargestFree 6594560, MaxPagesAvail 1610, MaxPagesLockable 267
TotalLinear 1948, TotalUnlockedPages 274, FreePages 52
TotalPages 614, FreeLinearSpace 1611, SwapFilePages 7158
Page Size 4096
4 tasks executing.
WinFlags -
  Math coprocessor
  80386 or 80386 SX
  Enhanced mode
  Protect mode

# The following records the contents of the stack to determine what
# code called the routine that failed:

Stack Dump (stack)

# Stack frame 0 indicates that the failure occurred in BICHO, 0x6b
# bytes after the start of the DoCommand function, as reported
# earlier.

Stack Frame 0 is BICHO _DoCommand+006b        ss:bp 0d7f:237a

# The offending instruction is disassembled in context, as follows:

0e57:02f0  e9 02b9               jmp    near 05ac
0e57:02f3  6a 00                 push   00
0e57:02f5  9a 8db0 0477          callf  0477:8db0
0e57:02fa  e9 02af               jmp    near 05ac
(BICHO:_DoCommand+006b)
0e57:02fd  ff 36 fffe            push   word ptr [fffe]
0e57:0301  68 0110               push   0110
0e57:0304  e8 fe5d               call   near 0164
0e57:0307  83 c4 04              add    sp, 04

# The application tried to read a value from memory at address DS:fffe
# and to push that value on the stack. However, the limit of the DS
# segment is 25df. The next stack frame documents that the BICHO
# application MainWndProc called DoCommand:

Stack Frame 1 is BICHO MAINWNDPROC+0027       ss:bp 0d7f:2388

0e57:0670  eb 16                 jmp    short 0688
0e57:0672  ff 76 0a              push   word ptr [bp+0a]
0e57:0675  56                    push   si
0e57:0676  e8 fc19               call   near 0292
(BICHO:MAINWNDPROC+0027)
0e57:0679  83 c4 04              add    sp, 04
0e57:067c  99                    cwd
0e57:067d  eb 1f                 jmp    short 069e
0e57:067f  6a 00                 push   00

# "USER" in the next stack frame is the Windows module USER.EXE. It
# calls application window and dialog procedures. In this case, USER
# called the BICHO application's MainWndProc.

Stack Frame 2 is USER IDISPATCHMESSAGE+007e   ss:bp 0d7f:239e

# In the next stack frame, the BICHO application's WinMain function
# called DispatchMessage, which called MainWndProc.

Stack Frame 3 is BICHO WINMAIN+0050           ss:bp 0d7f:23bc

# In the last stack frame, the Windows start-up code calls the
# application's WinMain function.

Stack Frame 4 is BICHO 1:00a3                 ss:bp 0d7f:23ca

# The next lines list all the tasks running in the system when the
# fault occurred. Dr. Watson itself, the shell application, and the
# faulting application will always be included.
System Tasks (tasks)

Task  WINEXIT, Handle 0daf, Flags 0001, Info    9248 08-09-90 16:52
  FileName C:\MS\WIN\DON\WINEXIT.EXE
Task DRWATSON, Handle 0ea7, Flags 0001, Info   26256 09-23-91 12:00
  FileName C:\WIN31\DRWATSON.EXE
Task  PROGMAN, Handle 060f, Flags 0001, Info  110224 09-23-91 12:02
  FileName C:\WIN31\PROGMAN.EXE
Task    BICHO, Handle 0da7, Flags 0001, Info   16537 09-11-91  8:45
  FileName D:\BICHO.EXE

# The last part of a failure report is any information typed in the
# "Dr. Watson's Clues" dialog box.

1> I ran a test app that accessed a value
2> beyond the limits of the segment bounds.

# Dr. Watson writes this line when it shuts down.

Stop Dr. Watson 0.80 - Thu Sep 26 10:52:10 1991 

Additional query words: 3.10

Keywords : kb16bitonly
Version :
Platform :
Issue type :


Last Reviewed: July 15, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.